StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Cyber Security in Business Organizations - Case Study Example

Cite this document
Summary
The paper "Cyber Security in Business Organizations" highlights that the attack is an example of poor information security management despite having one of the most powerful cyber security software. Target’s investment into the malware detection software by FireEye was legitimate…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.7% of users find it useful
Cyber Security in Business Organizations
Read Text Preview

Extract of sample "Cyber Security in Business Organizations"

Cyber Security in Business Organizations Cyber Security in Business Organizations Information security is a growing challenge among organizations that have implemented information systems. With the incorporation of information technology into organizational operations, corporations have become vulnerable to a plethora of information security risks. Failure of information systems can cost organizations heavily in the form of declining consumer trust, monetary losses, and deteriorating shareholder confidence. Johnson and Goetz (2007) describe security risk management as a balance between “maintaining security” and keeping the business going. Information security failures tip the balance and expose organizations to the aforementioned threats. Organizations are challenged by the trend to ‘go global’ which implies that security programs should encompass the entire global market of a firm. In effect, this means that each individual unit of the firm dispersed globally should take responsibility for the security risks that are encountered. Despite having a strong central security infrastructure in place, ownership is an important issue that drives information security forward, especially in situations where the business critical applications lie outside the infrastructure (Johnson and Goetz, 2007). Internal organizational factors are also critical to the information security challenge. Education and consultancy within the organization has become important to ensure that employees understand what they are asking for so that security professionals can better respond to the need of the situation. However, spreading awareness through consultancy is not an absolute solution. Many organizational members are resistant to change and change management is a subject executives are often concerned about. Facilitating a proactive work culture and involving line managers to take responsibility and auditors to enforce security can be pivotal. This can ensure compliance and help deal with information security issues by making internal employees accountable (Johnson and Goetz, 2007). Protecting data and information in the midst of mobile technology has become an even greater challenge. The new age of smart phones has built a collaborative environment where protecting information security and intellectual property has become a great concern. Permissions are granted through a strong identity management system to access the information. However, a lot of it has to do with policy making and the enforceability of such policies. Compliance with information security standards is another challenge for many organizations as they are dictated by strict laws and regulations. Many organizations do not possess the funds necessary to implement security programs or allocate budgets to improve the existing system (Johnson and Goetz, 2007). Target received many red flags as the hackers attempted to get into the system. Only six months before the attack, Target had installed malware detection software created by FireEye. In addition to this, Target had a team of cyber security personnel in Bangalore, India to monitor their system. After the hackers attacked Target’s systems, FireEye – the security software – detected the malicious malware (Riley, Elgin, Lawrence, and Matlack, 2014). Even Target’s outsourced security professionals in Bangalore spotted the malware and alerted Target’s security team headquartered in Minneapolis. As the hackers continued installing 5 malwares, the system kept sending out alerts. Despite the red flags, Target did not respond to the security threats. Not only did it ignore the security breach, its security team chose to switch off the option where the malware could have been automatically deleted by FireEye (Riley, Elgin, Lawrence, and Matlack, 2014). Possible reasons for ignoring the alerts include skepticism regarding the efficacy of the FireEye software as well as other organizational factors. For one, turning off automatic malware deletion on FireEye could have been done to allow Tagret’s security professionals with a chance to review the situation in case the malware was not serious. Because the hackers used a very unsophisticated method to attack Target’s system, the threat could have been low on its priority list. Whitman (2003) points out that many a times, IT executives do not take security risk seriously because they think they have either addressed it effectively or because they consider it unimportant. Skepticism about the newly installed security software by FireEye could also be the reason why the risk was not assessed effectively and the alert was ignored. The fact that the hackers gained access through a vendor’s credentials added to the skepticism leading to poor assessment of the severity of the security risk. Having a vendor’s credentials could have seemed fairly credible which is why the security team did not quickly respond to the threat. Target’s security took a long time to respond to the security breach. Credit card information began leaking out on December 2nd however it was not until December 15th that the malware was finally removed (Riley, Elgin, Lawrence, and Matlack, 2014). It was not until federal investigators from the Department of Justice notified Target on December 12th that the company began following up on the matter. Between a time lag of 13 days, millions of credit card numbers, addresses, and phone numbers were stolen. Target did not notify its customers until December 19th – after it had resolved the issue – but their credit cards were already being charged for items ordered from Russia. In response to the damages made to the customers, Target CEO announced that the consumers will not have to pay for the charges. Target also carried out a thorough review of its information security system to analyze the case. This was followed by a formal investigation into the matter including a complete restructuring of its IT security infrastructure to prevent future attacks. This included efforts to speed up the transition into chip-enabled cards that are more secure than magnetic cards (Riley, Elgin, Lawrence, and Matlack, 2014). The thirteen-day delay involved in responding to the security risk reflects an inefficient response to the threat. However, it was a positive step by Target’s CEO to pay for the fraudulent charges made on customers’ credit cards. This demonstrated an effort to cover the damages made to the consumers. Further, the introduction of chip-enabled cards was a good decision as they are generally more secure than the magnetic strip cards that are common in the USA. Although restructuring of the information security system is not a permanent solution without enforcing strict policies within the company regarding compliance and immediate response to security vulnerabilities. Ideally, the red flag given by FireEye should have been taken seriously by Target’s security team. Delays in responding to the situation in a timely manner led to millions of credit card information being lost to hackers. In conclusion, the attack is an example of poor information security management despite having one of the most powerful cyber security softwares. Target’s investment into the malware detection software by FireEye was legitimate. The software proved its ability to detect malicious codes by sending out many alerts on the various occasions hackers tried to insert the malware. This shows that its current IT security infrastructure was strong enough to recognize vulnerabilities and even delete the malwares trying to steal information. Added to this is the fact that the hackers used an unsophisticated technique to gain access which could have easily been addressed. However, Target’s security team based in Minneapolis ignored the alerts showing poor decision making and response skills to counter the attack. Further, Target’s management did not have any check in place to ensure that someone was responsible. Since, no one took ownership of the issue, the unfortunate incident resulted in the loss of millions of sensitive data. Ultimately it all boils down to the fact the management showed poor response to the security threat, failing to follow up on the matter until it was notified by the Department of Justice. References Johnson, M., & Goetz, E. (2007). Embedding Information Security into the Organization. In 2007 IEEE Symposium on Security and Privacy (pp. 17-24). Oakland, California, USA: IEEE. Retrieved from http://digitalstrategies.tuck.dartmouth.edu/cds-uploads/publications/pdf/SecurityOrg.pdf Riley, M., Elgin, B., Lawrence, D., & Matlack, C. (2014). Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It. Businessweek. Retrieved 10 May 2015, from http://www.bloomberg.com/bw/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data Whitman, M. (2003). Enemy at the gate. Commun. ACM, 46(8), 91-95. doi:10.1145/859670.859675 Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Cyber Security in Business Organizations Case Study”, n.d.)
Cyber Security in Business Organizations Case Study. Retrieved from https://studentshare.org/information-technology/1694134-cyber-security-in-business-organizations
(Cyber Security in Business Organizations Case Study)
Cyber Security in Business Organizations Case Study. https://studentshare.org/information-technology/1694134-cyber-security-in-business-organizations.
“Cyber Security in Business Organizations Case Study”, n.d. https://studentshare.org/information-technology/1694134-cyber-security-in-business-organizations.
  • Cited: 0 times

CHECK THESE SAMPLES OF Cyber Security in Business Organizations

Cyber crime and security affair in e-business

Cyber criminals take advantage of loopholes in software and hardware architecture and make big organizations collapse in days.... With the growth in size and speed of organizations, a need arose to make the systems automated and less dependent on humans.... organizations are dependent on outsourcing and do not completely control people who work for them.... organizations are very cautious about cyber attacks however appear helpless in front of expertise displayed by hackers....
24 Pages (6000 words) Article

Vulnerability of an Organizations Information System

The information technology (IT) managers of today's business organizations are thus encountered with severe challenges in regard to such vulnerabilities (Platsis, 2012).... This paper ''Vulnerability of an Organizations Information System''  focuses on the vulnerabilities those organizational information systems presently challenging the IT managers, with over viewing the most important cyber security vulnerability and considering measures that might protect organizations from such vulnerabilities....
10 Pages (2500 words) Research Paper

Protocols and Policy to Secure Software

8 Pages (2000 words) Essay

Cyber Security and Business

The author concludes that cybersecurity is very essential to national and homeland security in it assists in barring computer hackers from accessing critical information.... In addition, cyber security is important to the functioning of safety essential systems like the response to an emergency and to the guard of the government's infrastructure systems.... The private sector has been opposing governments efforts to impose stricter regulation of cyber security but it is of great significance to protect the telecommunication sector and electric grid that is in the hands of the private sector....
6 Pages (1500 words) Term Paper

Cyber Security as the Process of Different Security Measures

This essay analyzes that cyber security refers to the process of applying different security measures to foster integrity, confidentiality, and accessibility of data.... cyber security ensures the protection of assets of an organization, including servers, data, buildings, humans, and desktops.... cyber security is a global concern because cyberspace is increasingly becoming a crucial asset to nations.... cyber security is a global concern because cyberspace is increasingly becoming a crucial asset to nations....
6 Pages (1500 words) Essay

The Development of Security Domains

In this regard, both large organizations and small and medium-sized enterprises depend on internet services in order to perform their operations.... hellip; In the present modern era 'Information Security Management', has been one of the most crucial factors with the help of which organizations can ensure their efficiency and effectiveness.... Thus, most of the SMEs and large organizations are interlinking systems, which specifically aim towards safeguarding the digitized information....
17 Pages (4250 words) Term Paper

Compilation of Security Data Issues

Most organizations and businesses implement numerous forms of security by enforcing hardware remedies such as firewalls and routers.... It allows individuals and organizations to securely access significant data from the workplace at any place.... An inventive data encryption resolution enables organizations or businesses to flow at a standard pace, quietly securing sensitive data simultaneously.... Data encryption permits a business to attain military-level security with simple and inexpensive solutions (Salomon 2003)....
12 Pages (3000 words) Report

Cyber Security, Network and Computer Systems Administrators, and Computer Programmer

The articles outline the need for powerful security in the various companies' cyberinfrastructure because it will provide an impetus for website developers to create and design new as well as upgraded software to prevent, detect, and contain the present and emerging cyber-security threats.... "cyber security, Network and Computer Systems Administrators, and Computer Programmer" paper contain an annotated bibliography that reviews five sources for the following three occupations: cyber security, Network and Computer Systems Administrators, and Computer Programmer....
3 Pages (750 words) Annotated Bibliography
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us